Public Data Assigned to Private Array-Typed Field
Weakness ID: 496 (Weakness Variant)
Status: Incomplete
+ Description

Description Summary

Assigning public data to a private array is equivalent to giving public access to the array.
+ Time of Introduction
  • Implementation
+ Applicable Platforms






+ Demonstrative Examples

Example 1

In the example below, the setUserRoles() method assigns a publicly controllable array to a private field, allowing the caller to modify the private array directly, because arrays in Java are mutable.

(Bad Code)
Example Language: Java 
private String[] userRoles;

public void setUserRoles(String[] userRoles) {
    // Stores the caller's array reference, so the caller can still modify it.
    this.userRoles = userRoles;
}
+ Potential Mitigations

Do not allow objects to modify private members of a class.
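
The following is an added example, not part of the original entry: it puts the aliasing setter from Example 1 beside a variant that makes a defensive copy, and also copies on the way out through a getter, which goes slightly beyond the setter case described here. The class names, the hasRole() and getUserRoles() helpers, and the role strings are assumptions made for illustration.

```java
import java.util.Arrays;

public class PrivateArrayDemo {
    // Same pattern as Example 1: the field keeps the caller's reference.
    static class AliasedRoles {
        private String[] userRoles;
        public void setUserRoles(String[] userRoles) {
            this.userRoles = userRoles;
        }
        public boolean hasRole(String role) {
            return userRoles != null && Arrays.asList(userRoles).contains(role);
        }
    }

    // Hardened variant: copies on the way in and on the way out.
    static class CopiedRoles {
        private String[] userRoles = new String[0];
        public void setUserRoles(String[] userRoles) {
            // A shallow copy is enough here because String elements are immutable.
            this.userRoles = (userRoles == null) ? new String[0] : userRoles.clone();
        }
        public String[] getUserRoles() {
            return userRoles.clone();
        }
        public boolean hasRole(String role) {
            return Arrays.asList(userRoles).contains(role);
        }
    }

    public static void main(String[] args) {
        String[] callerArray = { "viewer" };   // constructed sample input

        AliasedRoles aliased = new AliasedRoles();
        CopiedRoles copied = new CopiedRoles();
        aliased.setUserRoles(callerArray);
        copied.setUserRoles(callerArray);

        // The caller writes to its own array after both setters have returned.
        callerArray[0] = "admin";

        System.out.println("aliased has admin: " + aliased.hasRole("admin"));
        System.out.println("copied has admin:  " + copied.hasRole("admin"));

        // Writing to the array returned by the getter does not reach the field.
        copied.getUserRoles()[0] = "admin";
        System.out.println("copied after getter write: " + copied.hasRole("admin"));
    }
}
```

For arrays whose elements are themselves mutable objects, a shallow clone() is not sufficient and each element needs its own copy.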

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 485 | Insufficient Encapsulation | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
7 Pernicious Kingdoms | | | Public Data Assigned to Private Array-Typed Field
+ White Box Definitions

A weakness where the code path has a statement that assigns a data item to a private array field and the data item is public.

+ Content History
Submission Date | Submitter | Organization | Source
 | 7 Pernicious Kingdoms | | Externally Mined

Modification Date | Modifier | Organization | Source
2008-07-01 | Sean Eidemiller | Cigital | External
    added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External
    updated Time of Introduction
2008-08-01 | | KDM Analytics | External
    added/updated white box definitions
2008-09-08 | CWE Content Team | MITRE | Internal
    updated Applicable Platforms, Relationships, Taxonomy Mappings